H3C S5590-HI Series Ethernet Switches
- Classification:Access layer switch
- Release time:2025-11-12
- Page views:0
H3C S5590-HI Series Ethernet Switches
- Classification:Access layer switch
- Release time:2025-11-12
- Page views:0
The H3C S5590-HI series switches are a new generation of high-performance, high-port-density, and high-security Layer 3 Ethernet switches developed by H3C Technologies Co., Ltd. (hereinafter referred to as H3C) using professional ASIC technology. They support IPv4/IPv6 dual-stack management and forwarding, static routing protocols and routing protocols such as RIP, OSPF, BGP, and ISIS, and support rich management and security features. They are gigabit Layer 3 Ethernet switch products for converged service networks.
In campus networks, the S5590-HI series switches can serve as aggregation layer devices or as the core for small and medium-sized enterprises. Downstream, they can provide high-density GE aggregation lower-layer switches, and upstream, they can aggregate to the core switch via 10G/25G/40G/100G fiber optic cables or link aggregation, working together with other H3C products to build high-performance end-to-end IP network solutions.
The H3C S5590-HI series Ethernet switches currently include the following models:
S5590-28T8XC-HI: 28 10/100/1000BASE-T ports (4 combo SFP ports), 8 10G/1G BASE-X SFP+ ports, 2 slot expansion slots, 2 modular fan slots, and 2 hot-swappable power supply slots.
S5590-48T4XC-HI: 48 10/100/1000BASE-T ports, 4 10G/1G BASE-X SFP+ ports, 2 slot expansion slots, 2 modular fan slots, and 2 hot-swappable power supply slots.
S5590-28S8XC-HI: 28 100/1000BASE-X SFP (4 combo GE ports), 8 10G/1G BASE-X SFP+ ports, 2 slot expansion slots, 2 modular fan slots, and 2 hot-swappable power supply slots;
S5590-48S4XC-HI: 48 100/1000BASE-X SFP ports, 4 10G/1G BASE-X SFP+ ports, 2 slot expansion slots, 2 modular fan slots, and 2 hot-swappable power supply slots;
Features
SmartMC (Intelligent Management Center)
As network scale increases, a large number of access devices are needed at the network edge, making the management of these devices extremely cumbersome. The main purpose of SmartMC is to solve the problem of centralized management of a large number of distributed network devices. It aims to address the maintenance tasks of small businesses primarily using switches. SmartMC achieves unified operation and management of the network through built-in device functionality and a graphical interface.
SmartMC's four business segments simplify the operation and management of small and medium-sized industrial parks:
Intelligent Management:
This mainly includes selecting device roles, configuring the FTP server, global configuration, and configuring the network management port.
Intelligent Operation and Maintenance:
This mainly includes group management, device or group upgrade and backup, monitoring, and device failure replacement.
Visualization:
This mainly includes network topology visualization and management, device list display, etc.
Intelligent Business:
This mainly includes user management: After creating and successfully activating network access users, these users can access the SmartMC network through the one-click armed port.
The H3C S5590-HI series switches have built-in SmartMC, enabling vertical virtualization and unified management.
VxLAN features
The H3C S5590-HI series switches support VXLAN (Virtual Extensible LAN). VXLAN encapsulates data packets sent by virtual machines in UDP and uses the physical network's IP/MAC address as the outer header before transmitting them over the physical IP network. Upon arrival at the destination, the tunnel endpoint decapsulates the packets and sends the data to the target virtual machine. This solves the problem of long-distance virtual machine migration between geographically dispersed data centers and supports EVPN mode.
Highly available M-LAG architecture
The H3C S5590-HI series switches support M-LAG (Multichassis Link Aggregation Group) cross-device link aggregation technology (formerly DRNI technology), which achieves cross-device link aggregation by virtualizing two physical devices into one device at the forwarding layer, maintaining independence at the control layer and improving device-level reliability.
M-LAG decouples the control plane from the data plane, allowing each node device to be upgraded independently, ensuring zero interruption of user services.
The dual-active access of the device provides device-level redundancy protection and traffic load sharing, while improving system reliability.
Suitable for both overlay and traditional underlay scenarios, offering flexible networking options.
Multi-service integration
The H3C S5590-HI series switches are based on H3C's Open Services Architecture (OAA), which not only provides the functions of traditional switches, but also integrates security module cards such as FW, IPS, and load balancer, as well as Eagle Vision scanner cards, mini-iMC cards, Netstream cards, etc., making the S5590-HI series switches a converged multi-service carrier platform.
The H3C S5590-HI series switches support converged AC, enabling the management of AP devices and achieving integrated wired and wireless management.
High-performance IPv4/IPv6 service capabilities
The H3C S5590-HI series switches implement a hardware-based IPv4/IPv6 dual-stack platform, supporting various tunneling technologies, rich IPv4 and IPv6 Layer 3 routing protocols, multicast technology, and policy routing mechanisms, providing users with a complete IPv4/IPv6 solution.
IRF2 (Second Generation Intelligent Resilient Architecture)
The H3C S5590-HI series switches support IRF2 (Intelligent Resilient Architecture 2) technology, which connects multiple physical devices together, virtualizing them as a single logical device. This means users can manage and use these multiple devices as a single unit. IRF offers the following benefits:
Simplify managementOnce the IRF architecture is established, it can connect to any port of any device to log in to a unified logical device. By configuring a single device, it can manage the entire intelligent elastic system and all member devices within the system, without having to physically connect to each member device to configure and manage them separately.
Simplify businessThe various control protocols running in the logical devices formed by IRF are also run as a single device. For example, the routing protocol is calculated as a single device. With the application of cross-device link aggregation technology, it can replace the original spanning tree protocol. This can save a lot of protocol message interaction between devices, simplify network operation, and shorten the convergence time when the network is unstable.
Elastic scalingIt can be flexibly expanded according to user needs, ensuring user investment. Furthermore, new devices can be hot-swapped when joining or leaving the IRF architecture, without affecting the normal operation of other devices.
High reliabilityIRF's high reliability is reflected in three aspects: links, devices, and protocols. Physical ports between member devices support aggregation, as do physical connections between the IRF system and upper/lower-layer devices. This multi-link backup improves link reliability. The IRF system consists of multiple member devices; if the Master device fails, the system quickly and automatically elects a new Master to ensure uninterrupted service flow, achieving device-level 1:N backup. The IRF system also features real-time protocol hot backup, backing up protocol configuration information to all other member devices, thus achieving 1:N protocol reliability.
high performanceFor high-end switches, performance and port density improvements are limited by hardware architecture. However, the performance and port density of an IRF system are the sum of the performance and number of ports of all devices within the IRF. Therefore, IRF technology can easily increase the switching capacity and user port density of a device several times over, thereby significantly improving device performance.
Comprehensive security control strategy
The H3C S5590-HI series switches support EAD (Endpoint Admission Control) functionality. When used in conjunction with a backend system, endpoint security measures such as antivirus and patch repair can be integrated with network security measures such as network access control and access permission control into a unified security system. By inspecting, isolating, repairing, managing, and monitoring network access terminals, the entire network can be transformed from passive defense to active defense, from single-point defense to comprehensive defense, and from decentralized management to centralized policy management, thereby improving the network's overall defense capabilities against emerging security threats such as viruses and worms.
The H3C S5590-HI series switches support centralized MAC address authentication, 802.1x authentication, and dynamic or static binding of user identification elements such as user accounts, IP addresses, MAC addresses, VLANs, and ports. They also enable dynamic distribution of user policies (VLANs, QoS, ACLs). Furthermore, they support real-time management of online users in conjunction with H3C's iMC system, enabling timely diagnosis and resolution of illegal network activities.
The H3C S5590-HI series switches offer enhanced ACL control logic, supporting ultra-high-capacity ingress and egress port ACLs, and VLAN-based ACL deployment. This simplifies user configuration while avoiding wasted ACL resources. Furthermore, the S5590-HI series supports unicast reverse path lookup (uRPF) technology. When a data packet is received on one of the device's interfaces, it performs a reverse path lookup to verify the existence of a route from the receiving interface to the source address specified in the packet. If the route is not found, the packet is deleted, effectively preventing the increasingly prevalent source address spoofing in networks.
MACsec hardware encryption
MACsec (Media Access Control Security) defines a method for secure data communication over IEEE 802 local area networks. MACsec provides users with secure MAC layer data transmission and reception services, including user data encryption, data frame integrity checks, and data source authenticity verification.
MACsec is typically used in conjunction with the 802.1X authentication framework. It operates after the 802.1X authentication process is successful. By identifying the messages sent by the authenticated device, it uses the key generated by negotiating the MKA (MACsec Key Agreement) protocol to encrypt and perform integrity checks on the authenticated user data, preventing the port from processing messages from unauthenticated devices or messages tampered with by unauthenticated devices.
The H3C S5590-HI series switches support upgraded MACsec encryption technology, employing a 256-bit encryption algorithm to further enhance data security. Furthermore, based on a special hardware design, the S5590-HI series switches feature full-port MACsec encryption capabilities, providing 256-bit MACsec encryption for all ports to ensure data security.
Multiple reliability protections
The H3C S5590-HI series switches feature multiple reliability protections at both the device and link levels, employing overcurrent protection, overvoltage protection, and overheat protection technologies.
The H3C S5590-HI series switches support pluggable AC/DC dual power supply modules, "1+1" power redundancy, and a pluggable dual-fan reliability design. They can be flexibly configured with AC or DC power supply modules and front-to-back or rear-to-front airflow according to the actual environment. In addition, the whole machine supports power supply and fan fault detection and alarm, and can automatically adjust the fan speed according to temperature changes. These designs make the equipment more reliable.
In addition to device-level reliability, this product also supports a wide range of link-level reliability technologies, including protection protocols such as LACP/STP/RSTP/MSTP/Smart Link/RRPP/ERPS/PVST fast ring network protection mechanisms, IRF2 intelligent elastic architecture, 1:N redundancy backup, ring stacking, and cross-device link aggregation, which greatly improves network reliability. Even when the network carries multiple services and high traffic, it does not affect the network convergence time, ensuring the normal operation of services.
It supports dual boot at the hardware level, using two Flash chips to store the boot software (system boot program), achieving hardware-level boot redundancy backup and avoiding the switch failing to start due to Flash chip failure.
It supports ISSU (Uninterrupted Service Upgrade) and OAM (Operation, Management and Maintenance), fully meeting the network's needs for high-performance, easy-to-manage and energy-saving equipment.
MOD packet loss mirroring
MOD (Mirror On Drop) is a technology specifically designed to monitor packet loss during internal forwarding of packets within a device. Once MOD detects packet loss within the device, it immediately collects the time of the packet loss, the cause of the loss, and the characteristics of the dropped packets, and reports this information to a remote data collector so that administrators can promptly understand the packet loss situation occurring within the device.
The H3C S5590-HI series switches support MOD packet loss mirroring technology, which can monitor packet loss events caused by specific reasons during the internal forwarding of specific traffic and collect relevant information when packet loss occurs, and report it to the collector.
Rich QoS policies
The H3C S5590-HI series switches support Layer 2 to Layer 4 packet filtering, providing flow classification based on source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type, and VLAN. They offer flexible queue scheduling algorithms, allowing configuration based on both ports and queues, supporting Strict Priority (SP), Weighted Fair Queuing (WFQ), and SP+WFQ modes. They also support Committed Access Rate (CAR) functionality. Port mirroring in both inbound and outbound directions is supported, allowing monitoring of packets on specified ports by copying data packets from one port to the monitoring port for network detection and troubleshooting. Furthermore, the H3C S5590-HI series switches support sFlow functionality, sampling network packets for precise monitoring of network traffic on gigabit/10-gigabit high-speed networks, enabling statistical analysis and control of network traffic.
iNQA Intelligent Network Quality Analysis
The H3C S5590-HI series supports iNQA (Intelligent Network Quality Analyzer), a detection mechanism suitable for large-scale IP networks that can quickly measure network performance. The H3C S5590-HI currently supports packet loss measurement, which can measure forward, reverse, and bidirectional packet loss (including the number of lost packets, packet loss rate, number of lost bytes, and byte loss rate). The measurement results can be used to quickly locate the time, location, and severity of packet loss.
eMDI Enhanced Media Transmission Quality
The H3C S5590-HI series supports eMDI (Enhanced Media Delivery Index), a network quality monitoring and fault localization solution specifically designed for video and audio services. It can directly monitor and analyze specified service packets carried by TCP or RTP on various network nodes in an IP network in real time. Network administrators can combine the monitoring and analysis results of multiple network nodes to quickly pinpoint the location of faults.
Audio quality analysis
Multimedia audio and video services are widely used in daily life, with rich and diverse content, and users' demands for multimedia service experiences are constantly increasing. Traditional network equipment does not distinguish between multimedia traffic and other traffic during user traffic transmission. When network congestion occurs, multimedia audio and video services may experience stuttering, seriously affecting the user experience.
The H3C S5590-HI series supports a service quality analysis function, which can identify user multimedia traffic based on SIP (Session Initiation Protocol). When this function is enabled, the device will prioritize forwarding this type of traffic to ensure service quality. The device will also analyze this type of traffic, collect and save traffic information and session information.
Telemetry visualization
The H3C S5590-HI series switches support Telemetry technology, which can send real-time resource information and alarm information of the switches to the operation and maintenance platform via the gRPC protocol. The operation and maintenance platform analyzes the real-time data and can realize functions such as network quality backtracking, fault diagnosis, risk warning, and architecture optimization, so as to accurately protect the user experience.
Netstream Visualization
NetStream is a statistical technique based on network flow information. It defines a method for statistically analyzing network traffic output by devices. Devices perform statistical analysis on the data forwarded by them and report it to a network traffic analyzer. After merging and processing, the data is stored in a database for further analysis.
The H3C S5590-HI series switches support Netstream network flow information statistics technology, which can analyze and count traffic, and create flow tables to realize one-way/two-way NetStream functions.
Excellent management
The H3C S5590-HI series switches support a rich set of management interfaces, such as Console ports and out-of-band management ports. They support SNMPv1/v2/v3 (Simple Network Management Protocol) and are compatible with common network management platforms like OpenView and the iMC intelligent management center. CLI command line and TELNET are supported for easier device management, and SSH 2.0 and other encryption methods enhance security.
The H3C S5590-HI series switches support SPAN/RSPAN mirroring and multiple mirror observation ports, enabling network traffic analysis to facilitate appropriate management and maintenance measures. This makes previously invisible network service application traffic readily apparent and provides users with various network flow analysis reports to help them optimize network structure and adjust resource deployment in a timely manner.
Professional lightning protection
The H3C S5590-HI series switches employ professional built-in surge protection technology, supporting 10KV surge protection for service ports, which greatly reduces the damage rate of equipment caused by lightning strikes even in harsh working environments.
Networking applications
The H3C S5590-HI series Ethernet switches are gigabit access switches, providing 24/48 auto-sensing gigabit ports downlink. They offer flexible networking options and can be used for gigabit-to-desktop access in campus networks, as well as for connecting data center server clusters. Below are some typical networking methods.
Application in the convergence layer
In large and medium-sized enterprise or campus networks, the H3C S5590-HI series Ethernet switches can be used as aggregation layer switches, providing high-performance, high-capacity switching and 10/25/40/100G uplink services.
Figure 1-1 Application in the aggregation layer of enterprise network/campus network
Applications at the access layer
In a two-layer network, the H3C S5590-HI can also directly connect to end users and then aggregate to the core device through the uplink port.
Figure 1-2 Application in the access layer
Specification | S5590-28T8XC-HI | S5590-28S8XC-HI | S5590-48T4XC-HI | S5590-48S4XC-HI |
Switching capacity | 2.56Tbps/25.6Tbps | |||
Packet forwarding rate | 660Mpps/930Mpps | |||
External dimensions (height × width × depth) (unit: mm) | 44×440×400 | |||
weight | <8kg | |||
Console port | 1 | |||
Management Ethernet port | 10/100/1000Base-T Ethernet port: 1 | |||
USB port | 1 | |||
10/100/1000BASE-T adaptive Ethernet port | 28 | 4 (combo) | 48 | - |
SFP port | 4 (combo) | 28 | - | 48 |
SFP+ port | 8 | 8 | 4 | 4 |
Expansion slots | 2 | |||
Expansion board | 2-port 10 Gigabit SFP+ interface card 4-port 10 Gigabit SFP+ interface card 8-port 10 Gigabit SFP+ interface board 2-port 25GE SFP28 interface board* 4-port 25GE SFP28 interface board* 8-port 25GE SFP28 interface board 2-port 40GE QSFP+ interface board 4-port 40GE QSFP+ interface board* 2-port 100GE QSFP28 interface board Netstream expansion cards Eagle Vision Scanner Expansion Board Firewall board Mini-iMC Expansion Board | |||
Input voltage | AC: Rated voltage range: 100~240V AC, 50/60Hz DC: Input rated voltage range: -48V~-60V DC | |||
Power consumption (static) | 41W | 42W | 43W | 46W |
Power consumption (at full load) | 105W | 122W | 110W | 136W |
Overall leakage current | Meets UL62368-1/EN62368-1/IEC62368-1/UL60950-1/EN60950-1/IEC60950-1/GB4943.1 standards | |||
Operating ambient temperature | -5ºC~45ºC | |||
Relative humidity of the working environment (non-condensing) | 5%~95% | |||
characteristic | Feature Description |
Port aggregation | Support port aggregation Support static aggregation Support dynamic aggregation Supports cross-device link aggregation M-LAG |
Port characteristics | Supports IEEE 802.3x flow control (full duplex). Supports storm suppression based on port rate percentage Supports PPS-based storm suppression Supports bps-based storm suppression |
Jumbo Frame | Supports a maximum frame length of 13312. |
MAC address table | Supports static, dynamic, and black hole MAC addresses. Supports source MAC address filtering Supports setting the maximum number of port MAC addresses to learn. |
VLAN | Supports 802.1Q VLANs Supports 4K VLANs Supports port-based VLANs Supports QinQ, flexible QinQ Supports Guest VLAN STP, RSTP, MSTP, PVST Support MVRP Supports Voice VLAN Supports policy VLANs Supports VLANs based on IP subnets Supports protocol-based VLANs Supports MAC-based VLANs |
Layer 2 ring network protocol | Supports STP/RSTP/MSTP/PVST protocols Supports STP Root Protection Supports BPDU Protection Supports G.8032 Ethernet Ring Protection Protocol (ERPS), with a switching time of ≤50ms, and is compatible with other products that support this protocol. Supports SmartLink tree topology and SmartLink multi-instance, providing millisecond-level protection for primary and backup links. |
DHCP | DHCPv4/v6 Client DHCP Snooping、DHCPv6 Snooping DHCPv4/v6 Relay DHCPv4/v6 Server DHCP Snooping option82/DHCP Relay option82 |
IRF2 Intelligent Elastic Architecture | Supports IRF2 intelligent elastic architecture stacking Supports distributed device management, distributed link aggregation, and distributed elastic routing. Supports stacking via standard Ethernet interfaces and other methods. Supports local stacking and remote stacking Supports stacking up to 9 devices |
IP Router | Supports IPv4/IPv6 static routing Supports IPv4/IPv6 dual stack Supports RIPv1/v2 and RIPng Supports OSPFv1/v2 and OSPFv3 Supports BGP4 and BGP4+ for IPv6 支持IS-IS,IS-IS V6 Supports equal-cost routing and policy-based routing. Supports VRRP/VRRPv3 |
IPv6 | Supports Neighbor Discovery (ND) PMTU supported Supports IPv6-Ping, IPv6-Tracert, IPv6-Telnet, IPv6-TFTP, IPv6-ICMP, IPv6-DNS Supports manual tunneling and automatic tunneling. Supports IPv4 over IPv6 tunnels Supports 6to4 tunnels Supports ISATAP tunnel Supports GRE tunnel |
multicast | Supports IGMP Snooping v1/v2/v3 and fast exit mechanism, MLD Snooping v1/v2 Support PIM Snooping Supports MLD Proxy Supports multicast VLANs Supports multicast load balancing with bundled ports Supports port-based multicast traffic statistics Supports controllable multicast Supports IGMP v1/v2/v3, MLD v1/v2 Supports PIM-DM, PIM-SM, and PIM-SSM. Supports MSDP, MSDP for IPv6 支持MBGP,MBGP for Ipv6 |
MPLS | Support MPLS MCE Supports MPLS L3VPN Supports MPLS L2VPN Support MPLS SR |
VxLAN | Supports VXLAN Layer 2 switching Supports VXLAN routing and switching Supports VXLAN centralized gateways and distributed Anycast gateways. Supports BGP EVPN Supports OpenFlow+Netconf VxLAN centralized control plane and automated deployment |
Mirror | Support streaming mirroring Supports N:M port mirroring Supports local and remote port mirroring Support ERSPAN |
TAP | Supports port-based N:M replication Supports GRE tunnel stripping encapsulation Supports same source and same destination, supports message truncation Support source port identification Supports adding timestamps and Ethernet headers Identify the specified message, modify the MAC address or IP address, and then copy and forward it. |
Supports ACL and QoS | Supports L2 (Layer 2) to L4 (Layer 4) packet filtering functions, providing flow classification based on source MAC address, destination MAC address, source IP (IPv4/IPv6) address, destination IP (IPv4/IPv6) address, TCP/UDP port number, and VLAN. Supports Time Range ACLs Each port supports 8 queues. Supports bidirectional ACL policies for both inbound and outbound directions. Supports issuing ACLs based on VLANs It supports limiting the rate at which packets are received and sent at a port. Support message redirection Supports 802.1p and DSCP priority remarking of messages. Supports CAR (Committed Access Rate) functionality It supports flexible queue scheduling algorithms, allowing configuration based on both port and queue, and supports three modes: SP, WFQ, and SP+WFQ. Support network slicing |
Safety features | Supports hierarchical user management and password protection Supports 802.1X authentication/centralized MAC address authentication Supports Portal authentication Supports Guest VLAN Supports RADIUS certification Supports HWTACACS+ certification Supports SSH 2.0 Supports port isolation, port security, and Sticky MAC. Supports combined binding of IP, MAC, port, and VLAN. Supports blacklists and whitelists Support MFF Support EAD Supports SAVI and SAVA to ensure IPv6 environment security. Supports DHCP Snooping and DHCPv6 Snooping to prevent spoofing DHCP servers. Supports Dynamic ARP Inspection (DAI) to prevent man-in-the-middle attacks and ARP denial-of-service attacks. Supports protection against DOS attacks Supports ARP attack prevention Supports protection against ICMP attacks Support CPU protection Supports CPU attack prevention Support basic network protection Supports BPDU guard and Root guard Supports uRPF (Unicast Reverse Path Detection) to prevent IP source address spoofing and protect against viruses and attacks. Supports IP/Port/MAC binding functionality Supports plaintext and MD5 encrypted authentication of OSPF and RIPv2 packets. Supports PKI (Public Key Infrastructure). |
Management and maintenance | Supports hot patching, allowing for online patch upgrades. Supports XModem/FTP/TFTP loading and upgrade Configuration is supported via command-line interface (CLI), Telnet, and Console. Supports converged AC, and can manage up to 2K APs. Supports Netcool network management platform Supports SNMPv1/v2/v3, RMON (Remote Monitoring) Supports hardware BFD for VRRP/IS-IS/BGP/RIP/OSPF/static routes, with a minimum detection interval of 3ms. Support iMC Intelligent Management Center Supports Syslog, system logs, tiered alarms, and debug information output. Support NTP Supports power supply alarm functions, fan alarms, and temperature alarms. Supports Ping and Tracert Supports VCT (Virtual Cable Test) cable testing function Supports DLDP (Device Link Detection Protocol) unidirectional link detection protocol Support LLDP Supports hardware BFD with a minimum detection interval of 3ms. Supports BFD for BGP/IS-IS/OSPF/static routes, etc. Support Y.1731 Supports Ethernet OAM Supports Telemetry visualization Supports NETCONF network management protocol Supports Python script management and maintenance Supports Loopback detection (port loopback detection) Supports NetStream functionality, with a traffic analysis sampling ratio of 1:1. Support SFLOW Supports file upload and download via USB, and supports USB setup. Supports ID indicator lights, which can be used to locate the device position by flashing the indicator lights. |
inQA | Supports iNQA intelligent network quality analysis Supports direct tagging of business packets to obtain real-time statistics on packet loss count and packet loss rate. Supports network-level and device-level statistics on packet loss quantity and rate. |
Green and energy-saving | Automatic Power Down Function for Ports Port scheduled down function (Schedule job) Supports EEE (802.3az) energy-saving standard |
